EP1638285B1 - Appareil et procédé pour l'attribution dynamique d'un agent local externe pour des réseaux privés virtuels - Google Patents
Appareil et procédé pour l'attribution dynamique d'un agent local externe pour des réseaux privés virtuels Download PDFInfo
- Publication number
- EP1638285B1 EP1638285B1 EP04255698A EP04255698A EP1638285B1 EP 1638285 B1 EP1638285 B1 EP 1638285B1 EP 04255698 A EP04255698 A EP 04255698A EP 04255698 A EP04255698 A EP 04255698A EP 1638285 B1 EP1638285 B1 EP 1638285B1
- Authority
- EP
- European Patent Office
- Prior art keywords
- external
- message
- network
- home agent
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Not-in-force
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/02—Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
- H04W8/06—Registration at serving network Location Register, VLR or user mobility server
- H04W8/065—Registration at serving network Location Register, VLR or user mobility server involving selection of the user mobility server
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W80/00—Wireless network protocols or protocol adaptations to wireless operation
- H04W80/04—Network layer protocols, e.g. mobile IP [Internet Protocol]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/14—Backbone network devices
Definitions
- the present invention relates to an apparatus of dynamically assigning external home agent (x-HA) for mobile virtual private networks (VPNs) and method for the same; especially to an apparatus of dynamically assigning x-HA for IPsec-based mobile VPNs and method for the same.
- x-HA external home agent
- VPNs virtual private networks
- the virtual private network is developed to provide a dedicated channel between a remote computer and a local server through a wide area network such as Internet.
- the VPN also provides measure to ensure the security of communication, just like the trusted internal network (Intranet).
- VPN provides following measures to ensure security:
- IP Internet protocol
- IETF Internet Engineering Task Force
- RRC Request for Comments
- Mobile IPv4 (IETF RFC 3344) is adopted in mobile VPN architecture.
- MIP Mobile IP
- a Mobile IP MIP
- HA Home Agent
- the MN During movement, the MN would get a new care-of address (CoA) from the external network. It requires the VPN gateway refresh IPsec tunnel endpoints after MN's each movement into a new IP subnet. However, all packets including MIP messages are encrypted by IPsec protocol. Therefore, FA cannot decrypt MIP messages. Thus, FA is unable to relay MIP messages.
- CoA care-of address
- the IETF MIP4 Working Group is proposing a mechanism to support international seamless roaming (ISR) for VPN users.
- i-HA internal HA
- x-HA external HA
- the x-HA is augmented to encapsulate the IPsec tunnel with the x-MIP tunnel. Therefore, the IPsec tunnel will not break when MN gets a new CoA. The FA will also be able to understand the MIP messages.
- the IETF solution there is no modification to Mobile IPv4 and IPsec standards. Only some changes are necessary for MN.
- Fig. 1 is a schematic diagram of mobile VPN architecture defined by IETF.
- an MN 1 roams in Intranet 10 through an i-HA 11.
- the MN 1 requires registering to an x-HA 21 for obtaining a new CoA when the MN moves from Intranet 10 to Internet 20.
- the MN 1 uses its external home address (x-HoA) to build an IPsec channel with the home VPN gateway 22 through Internet Key Exchange (IKE).
- IKE Internet Key Exchange
- the VPN-TIA VPN Tunnel Inner Address
- the MN 1 registers the VPN-TIA to the i-HA 11 as its internal co-located CoA.
- IPsec ESP Encapsulating Security Payload
- Fig. 2 shows the message structure of the mobile VPN as MN moves from Intranet 10 to Internet 20.
- the message contains an original packet 31, an i-MIP channel message 32 encapsulating the original packet 31 and used for the i-HA 11 and the VPN gateway 22, an IPsec channel massage 33 encapsulating the i-MIP channel message 32 and used for the VPN gateway 22 and the x-HA 21, and an x-MIP channel massage 34 encapsulating the IPsec channel massage 33 and used for the x-HA 21 and MN 1 .
- a static x-HA 21 is provided in Internet 20.
- the placement of x-HA will impact the handoff latency between the FA and the x-HA 21 and end-to-end latency when the Internet 20 has a plurality of subnets.
- the x-HA is outside VPN and might not be under the control of the VPN. Therefore, there should be a trusted mechanism to assign the x-HA.
- the present invention is intended to assign the x-HA dynamically so the handoff latency and end-to-end latency could be minimized.
- AAA Authentication, Authorization and Accounting
- x-HA external home agent
- the external HA closest to the MN in the visited external network is selected for mobility management of the MN.
- the MN only need to register with the same external HA when roaming in the same external network.
- the handoff latency and end-to-end latency for a roaming MN therefore, could be reduced significantly. It will also not reestablish the IPsec tunnel within the same external network.
- the present invention provides a method of dynamically assigning external home agent (x-HA) for mobile Virtual Private Networks (VPNs).
- the method establishes VPN between at least one external network and an internal network and enabling at least mobile node (MN) roam in the external networks with security.
- the MN sends a Registration Request (Reg-Req) message to an external foreign agent (x-FA) when the MN roams to the external network for the first time.
- the x-FA then issues an AA-Mobile-Node-Request (AMR) message to a foreign AAA (AAAF) server.
- the AAAF server fills the Network Access Identifier (NAI) of a candidate x-HA in AMR message and sends the AMR message to the home AAA (AAAH) server.
- NAI Network Access Identifier
- the AAAH server establishes a security association (SA) among the candidate x-HA, the x-FA and the MN and generates a Home-Agent-MIP-Request (HAR) message for sending to the x-HA.
- SA security association
- HAR Home-Agent-MIP-Request
- the x-HA allocates an external home address (x-HoA) for the MN and fills the x-HoA and its address in the Home-Agent-MIP Answer (HAA) message.
- the x-HA then sends the HAA message to the AAAH server.
- the AAAH sever uses the pre-configured VPN-TIA as the internal CoA of the MN for registration to the i-HA, and the i-HA authorizes the AAAH server to send an AA ⁇ Mobile-Node-Answer (AMA) message to the x-FA.
- AMA Mobile-Node-Answer
- the x-FA obtains a Reg-Reply message from the AMA message and containing the x-HoA and HA addresses; and relays the Reg-Reply message to the MN.
- the MN uses the x-HoA for registration to the assigned x-HA, whereby the MN registers to a closest x-HA when roaming in the external network.
- the present invention provides an apparatus of dynamically assigning external home agent (x-HA) for mobile Virtual Private Networks (VPNs).
- the method establishes VPN between at least one external network and an internal network and enabling at least mobile node (MN) roam in the external networks with security.
- the apparatus of dynamically assigning x-HA comprises an internal home agent (i-HA), at least one external home agent (x-HA), a VPN gateway, at least one agent assigner (AAA servers), and at least one external foreign agent (x-FA).
- the i-HA is arranged in the internal network and manages a roaming registration for the MN when roaming in the internal network.
- the x-HA is arranged in the external network and manages a roaming registration for the MN when roaming in the external network.
- the VPN gateway establishes an IPsec channel between the internal network and the x-HA to ensure a secure connection of the MN to the internal network when the MN roams in the external network.
- the agent assigner (AAA server) is used for dynamically and securely assigning a reliable x-HA closest to the authenticated and authorized MN for managing the roaming registration for the MN.
- the x-FA is used for managing a roaming registration of the MN with respect to the x-HA, the agent assigner and the i-HA when the MN roams to the external network for the first time.
- the x-FA relays the IPsec channel between the MN and the VPN gateway, whereby the MN registers to a closest x-HA when roaming in the external network.
- Fig. 3 depicts the network topology for mobile VPN with dynamic x-HA assignment according to the present invention.
- An HA located in Internet and closest to the MN 80 is assigned as the x-HA 54 for the MN.
- the MN 80 can register to the x-HA 54 for establishing IPsec channel for the mobile VPN.
- the x-HA in visited domain can be dynamically allocated by using DHCP server, AAA (Authentication, Authorization and Accounting) server, DNS server, etc.
- An optimal HA is chosen for MN in geographical distant locations. Because the x-HA 54 is assigned closely to the MN 80, the latency between the x-HA 54 and MN 80 could be drastically reduced. Besides, the inter-subnet handoff will be faster. Moreover, the load among a group of HAs could also be balanced by administrative policies.
- the x-HA must be authenticated and authorized before it is assigned to the MN. Therefore, the AAA server should be adopted to assign the x-HA 54.
- the present invention employs the Diameter (IETF RFC 3588) as an AAA server.
- the Diameter can not only assign x-HA for MN in foreign administrative domain, but also serve as the key distribution center (KDC) to establish the security association (SA) dynamically between mobility agents, including MN.
- KDC key distribution center
- Fig. 3 shows an Intranet 40 and at least one public Internet network 50.
- the Intranet 40 is a protected private network and is connected to a DHCP server 41 and an interior router 42.
- the interior router 42 is connected to Internet through a DMZ (demilitarized zone), which is connected to home AAA server (AAAH) 61, a VPN gateway 62 and an exterior router 51.
- the exterior router 51 is connected to the public Internet network 50.
- the Intranet 40 comprises a plurality of subnets 43, each connected to at least one wireless access point (WAP) 44 for wireless linking to at least one MN 80.
- the Intranet 40 further comprises an i-HA 45 and an internal foreign agent (i-FA) 46.
- the i-HA 45 is connected to the first subnet 1
- the internal foreign agent (i-FA) 46 is connected to the second subnet 2
- the DHCP server 41 is connected to the third subnet 3.
- Fig. 4 is registration message flow of MN 80 in Intranet 40 and Fig. 5 is a registration flowchart of MN 80 roaming in Intranet 40.
- the MN 80 When the MN 80 is operated in inter-realm seamless roaming mode, namely, roaming from the first subnet 1 to the second subnet 2, the i-FA 46 broadcasts an Advertisement & Challenge message 100 to query where the MN 80 is roaming in Intranet 40 at step S200.
- the MN 80 sends a Registration Request (Reg-Req) message 105 to the i-FA 46 at step S205.
- the i-FA 46 cannot identify the MN 80 such that the i-FA 46 transfers the Reg-Req 105 to the i-HA 45 for registration at step S210.
- the i-HA 45 replies a Registration Reply (Reg-Reply) message 110 to the i-FA 46 at step S215.
- the i-FA 46 identifies the MN 80 by the Reg-Reply message 110 and then relays a Reg-Reply message 115 to the MN 80 at step S220 to complete the registration procedure for intra-realm roaming.
- the Internet 50 is an unprotected public network and composed of a plurality of external networks, such as a first external network and a second external network.
- Each of the external networks comprises a plurality of subnets and connected to a foreign AAA server (AAAF) 53, an x-HA 54, an external foreign agent (x-FA) 55, a DHCP server 56 and at least one WAP 57.
- Figs. 6 , 7A and 7B the registration flowchart and message flow for MN 80 roaming in Internet 50 are shown.
- the local x-FA 55 broadcasts an Advertisement & Challenge message 300 to query where the MN 80 is roaming in Internet 50 at step S400.
- the MN 80 sends a Registration Request (Reg-Req) message 305 to the x-FA 55 at step S405.
- the Reg-Req message 305 comprises fields including a home address (HoA), an HA address, an authentication information for AAAH 61 and an MN's Network Access Identifier (NAI) etc.
- HoA home address
- HA home address
- NAI Network Access Identifier
- the addresses of HoA and HA address should be set as 0.0.0.0 to manifest that the MN 80 intends to get an External Home Address (x-HoA) from the Internet and to know the address of the x-HA.
- the x-FA 55 then generates an MIP-Feature-Vector AVP (Attribute Value Pair) with setting the flags of Mobile-Node Home-Address-Requested and Home-Agent-Requested.
- MIP-Feature-Vector AVP Attribute Value Pair
- the x-FA 55 encapsulates the MIP-Feature-Vector AVP and other required AVPs into an AA-Mobile-Node-Request (AMR) message 310.
- AMR AA-Mobile-Node-Request
- the AAAF 53 authorizes the AMR message 310 from the trusted x-FA 55, and the AAAF 53 will check whether the Home-Agent-Requested flag in the MIP-Feature-Vector AVP is one.
- the AAAF 53 asks the AAAH 61 to assign an x-HA 54 in the foreign network as the HA of the MN 80 by setting the Foreign-Home-Agent-Available flag to one in the MIP-Feature-Vector AVP and fills the candidate x-HA's NAI in the MIP-Candidate-Home-Agent-Host AVP At last, the AAAF 53 forwards the AMR 310 to the AAAH 61 at step S415.
- the AAAH 61 Upon receiving the AMR 310 from AAAF 53, the AAAH 61 must authenticate the MN 80 first by the MIP-Reg-Req and MIP-MN-AAA-Auth AVPs 305. The AAAH 61 determines a security policy for the MN 80 (such as cryptographic algorithm or longterm shared key) by the MN-AAA-SPI (Security Paremeters Index) AVP in the grouped MIP-MN-AAA-Auth AVP 310.
- MN-AAA-SPI Security Paremeters Index
- the AAAH 61 will check whether Home-Agent-Requested and Foreign-Home-Agent-Available bits are set to one in the MIP-Feature-Vector AVP of the AMR message 310. If true, the dynamic x-HA assignment in visited realm is requested. At step S420, the AAAH 61 then establishes the SA among mobility agents and MN (for MN 80 and x-HA 54, for MN 80 and x-FA 55 or for x-FA 55 and x-HA 54).
- the AAAH 61 generating random numbers at least 128 bits known as key materials (also called nonces) to derive requested session keys for setting up the SAs.
- the MIP-Feature-Vector AVPs in the AMR message 310 issued by the x-FA 54 and the AAAF 53 also include a plurality of Key-Requests.
- the Key- Requests include MN-HA-Key-Requested for the MN 80 and the x-HA 54, the MN-FA-Key-Request for the MN 80 and the x-FA 55, and the FA-HA-Key-Request for the x-FA 55 and x-HA 54.
- the derived session keys can be securely transmitted to the x-FA 55 and x-HA 54. This is because the IPsec or Transport Layer Security (TLS, IETF RFC 2246) is mandatory to apply on protecting communication data between Diameter nodes (including servers, clients and agents). On the other hand, the nonces are instead propagated to the MN 80 because the session keys will be exposed through unprotected Mobile IP protocol.
- TLS Transport Layer Security
- the AAAH 61 issues the Home-Agent-MIP-Request (HAR) message 315 encapsulated with session key and Reg-Req message to the candidate x-HA through the proxy AAAF 53 at step S425.
- HAR Home-Agent-MIP-Request
- the MIP-HA-to-FA-Key (containing the xHA-xFA session key), MIP-MN-to-FA-Key (containing the MN-xFA nonce), and MIP-MN-to-HA-Key (containing the MN-xHA nonce) AVPs are also appended to the HAR message 315.
- the x-HA 54 can get the session key for the x-HA 54 and the x-FA 55, the nonces for the MN 80 and the x-FA 55, and the session key and nonce for the MN 80 and the x-HA 54 from the AVPs in the HAR message 315.
- MIP-Mobile-Node-Address AVP is absent in the received HAR message 315 for the x-HA 54 and Mobile-Node-Home-Address-Requested flag is set to one in the MIP-Feature-Vector AVP
- the x-HA will allocate an external home address (x-HoA) for the MN 80 within the MIP-Mobile-Node-Address AVP
- the x-HA 54 fills its address in the MIP-Home-Agent-Address AVP if Home-Agent-Requested flag is equal to one.
- the x-HA 54 then saves the MN-xHA session key and copies the nonce to the Registration Reply (Reg-Reply) message.
- the x-HA 54 then generates a Home-Agent-MIP-Answer (HAA) message 320 and sends the HAA message 320 to the AAAH 61 through the AAAF 53 at step S430.
- the HAA 320 comprises necessary AVPs like MIP-Reg-Reply AVP, Result-Code AVP, MIP-Mobile-Node-address AVP with the x-HoA of the MN 80 and an MIP-Home-Agent-Address AVP with x-HA 54 address.
- the AAAH 61 After the AAAH 61 receives the HAA message 320 sent by the x-HA 54 through the AAAF 53, the AAAH 61 obtains the x-HoA of MN 80 from the MIP-Mobile-Node-Address AVP, and obtains the address of the x-HA 54 from the MIP- Home-Agent-Address AVP.
- the AAAH 61 establishes a new HAR message 325 and fills the i-HoA and VPN-TIA into the MIP-Mobile-Node-Address AVP and our defined VPN-Tunnel-Inner-Address AVP, respectively.
- the AAAH 61 then issues the HAR message 325 to the i-HA 45 for registration in step S435.
- the i-HA 45 When the i-HA 45 receives the HAR message 325, the i-HA 45 acquires the VPN-TIA from the AVP of the HAR message 325 and registers the VPN-TIA as the MN's internal Co-located CoA. Afterward, a new HAA message 330 is then constructed by the i-HA to acknowledge the HAR 325 and sent to the AAAH 61 at step S440.
- the AAAH 61 On receipt of both the HAA messages 330 from the x-HA and i-HA with Result-Code AVP indicating success, the AAAH 61 creates the AA ⁇ Mobile-Node-Answer (AMA) message 335 with DIAMETER_SUCCESS Result-Code and the necessary AVPs (including the MIP-Home-Agent-Address, MIP-Mobile-Node-Address and MIP-Reg-Reply) are copied from the received HAA message 330.
- the AMA message 335 is sent to the x-FA 55 through the proxy AAAF 53 at step S445.
- the x-FA 55 will receive the session key for the MN 80 and the x-FA 55 and the session key for the x-HA 54 and the x-FA 55.
- the x-FA 55 When the x-FA 55 receives the AMA message 335 with Result-Code AVP indicating success from the AAAH 61, it obtains the Reg-Reply message 340 from the MIP-Reg-Reply AVP in the received AMA message 335 and forwards it to the MN 80 at step S450.
- the MN 80 gets its new x-HoA, x-HA address and nonces. The MN 80 then calculates the correct session keys with the received nonces and longterm shared key by the same hashing algorithm as the AAAH 61 used.
- the MN 80 can directly establish Mobile IPv4 registration to the x-HA 54 without involving AAA infrastructure.
- the MN 80 can connect to the VPN gateway through x-HoA.
- the MN 80 sets up IPsec tunnel 345 with the VPN gateway through IKE negotiation at step S455 and resumes the previous safe communication as in internal network.
- the MN 80 can directly communicate with the x-HA 54 through the x-FA 55 as defined in MIPv4 standard without involving the Diameter infrastructure (AAA server). Furthermore, the MN 80 only needs to register with the assigned x-HA 54 when getting a new CoA in the foreign network. There is no need to register with the i-HA 45. It will also not reestablish the IPsec tunnel within the same external network.
- the session keys possess a lifetime. If the lifetime expires, the Diameter infrastructure (AAA server) must be invoked again to acquire new session keys. Besides, if the MN 80 moves into another foreign network and wants to request a new x-HA at local, the whole process discussed above will be executed. The x-HA will be reassigned. The IPsec tunnel is reestablished.
- the present invention replaces the static x-HA with dynamic x-HA.
- the handoff latency and end-to-end latency for a roaming MN therefore, could be reduced significantly.
- the present invention leverages Diameter MIPv4 application to establish Security Associations between mobility agents.
- the x-HA could be trusted.
- the registrations with x-HA and i-HA are concurrently accomplished.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Databases & Information Systems (AREA)
- Mobile Radio Communication Systems (AREA)
Claims (23)
- Procédé destiné à assigner de manière dynamique un agent local externe, x-HA, pour des réseaux privés virtuels mobiles, VPN, le procédé comprenant les étapes consistant à établir un VPN entre au moins un réseau externe et un réseau interne et à permettre au moins à un noeud mobile, MN, de se déplacer dans les réseaux externes en sécurité, le procédé comprenant les étapes suivantes :le MN envoie un message de demande d'enregistrement, Reg-Req, à un agent étranger externe, x-FA, lorsque le MN se déplace vers le réseau externe pour la première fois, dans lequel le message Reg-Req comprend des champs qui comprennent une demande d'adresse locale externe, x-HoA, et une demande d'adresse d'agent local externe, x-HA ;le x-FA envoie un message de demande de noeud mobile AA, AMR, à un serveur AAA étranger, AAAF, le serveur AAAF remplissant l'identifiant d'accès au réseau, NAI, d'un candidat x-HA dans le message AMR et envoyant le message AMR à un serveur local AAA, AAAH, AAA signifiant authentification, autorisation et comptabilité ;le serveur AAAH établi des association de sécurité, SA, parmi le candidat x-HA, le x-FA et le MN et génère un message de demande MIP d'agent local, HAR, à envoyer au x-HA ;le x-HA assigne une adresse locale externe, x-HoA, pour le MN et remplissant la x-HoA et son adresse dans un message de réponse MIP d'agent local, HAA, le x-HA envoyant alors le message HAA au serveur AAAH ;le serveur AAAH utilise une adresse interne de tunnel de VPN préconfigurée, VPN-TIA, comme adresse temporaire interne, CoA, du MN pour un enregistrement auprès du HA interne, i-HA, 1' i-HA autorisant le serveur AAAH à envoyer un message de réponse de noeud mobile AA, AMA, au x-FA ; etle x-FA obtient un message de réponse d'enregistrement à partir du message AMA et qui contient la x-HoA et l'adresse du HA ; et envoie le message de réponse d'enregistrement au MN ;grâce à quoi lorsque le MN se déplace dans le réseau externe, le MN utilise la x-HoA pour l'enregistrement auprès d'un x-HA assigné avec l'adresse du x-HA, grâce à quoi le MN s'enregistre auprès du x-HA le plus proche lors d'un déplacement dans le réseau externe.
- Procédé destiné à assigner de manière dynamique un agent local externe selon la revendication 1, dans lequel le MN est un ordinateur portable doté d'un équipement de réseau sans fil.
- Procédé destiné à assigner de manière dynamique un agent local externe selon la revendication 1, comprenant en outre, avant que le MN ne se déplace dans le réseau externe pour la première fois, l'étape suivante :le x-FA envoie un message de publicité et d'intervention au réseau externe pour demander si un MN quelconque se déplace dans le réseau externe.
- Procédé destiné à assigner de manière dynamique un agent local externe selon la revendication 1, dans lequel le message de demande d'enregistrement comprend des informations d'authentification du AAAH et un identifiant d'accès au réseau, NAI, du MN.
- Procédé destiné à assigner de manière dynamique un agent local externe selon la revendication 1, dans lequel le message de demande d'enregistrement comprend des champs qui comprenant une adresse locale, HoA, et une adresse de HA, dans lequel la HoA et l'adresse du HA sont fixées à 0.0.0.0.
- Procédé destiné à assigner de manière dynamique un agent local externe selon la revendication 1, comprenant en outre, une fois que le MN s'est déplacé dans le réseau externe pour la première fois, les étapes suivantes :lors de la réception d'un message de demande d'enregistrement, le x-FA génère une paire de valeurs d'attributs, AVP, de vecteur de caractéristique MIP en validant les drapeaux de demande d'adresse locale et de demande d'agent local ; etfixer l'AVP de vecteur de caractéristiques MIP au message de demande d'enregistrement.
- Procédé destiné à assigner de manière dynamique un agent local externe selon la revendication 1, comprenant en outre l'étape suivante, une fois que le x-FA a envoyé le message AMR ;
le serveur AAAH reçoit le message AMR par l'intermédiaire du serveur AAAF et connaît une politique de sécurité du MN grâce à un index de paramètre de sécurité MIP-MN-AAA-SPI, dans le message AMR. - Procédé destiné à assigner de manière dynamique un agent local externe selon la revendication 1, comprenant en outre les étapes secondaires suivantes dans l'étape où le serveur AAAH établit une SA :le serveur AAAH génère des nombres aléatoires de 128 bits au moins qui sont utilisés comme matériels de clé, les matériels de clé étant utilisés de manière à obtenir les clés de session requises pour établir les SA ; etencapsuler les clés de session dans le message HAR.
- Procédé destiné à assigner de manière dynamique un agent local externe selon la revendication 1, dans lequel dans l'étape où le serveur AAAH établit une SA, le message HAR est envoyé au x-HA par l'intermédiaire du serveur AAAF.
- Procédé destiné à assigner de manière dynamique un agent local externe selon la revendication 1, dans lequel dans l'étape où le serveur AAAH établit une SA, le message HAR comprend une clé MIP HA vers FA qui contient une clé de session de xHA-xFA, une clé MIP MN vers FA qui contient un nonce MN-xFA, une clé MIP MN vers HA qui contient contenant un nonce MN-xHA, une clé MIP Ha vers MN qui contient une clé de session MN-xHA.
- Procédé destiné à assigner de manière dynamique un agent local externe selon la revendication 1, dans lequel dans l'étape où le x-HA assigne une x-HoA pour le MN, le message HAA est envoyé au serveur AAAH par l'intermédiaire du serveur AAAF.
- Procédé destiné à assigner de manière dynamique un agent local externe selon la revendication 1, comprenant en outre l'étape secondaire suivante dans l'étape consistant à envoyer le message de réponse d'enregistrement au MN :le MN se connecte à une passerelle du VPN en utilisant la x-HoA de telle sorte qu'un canal IPsec soit établi entre le MN et la passerelle du VPN.
- Système destiné à assigner de manière dynamique un agent local externe, x-HA, pour des réseaux privés virtuels mobiles, VPN, le système comprenant au moins un réseau externe et un réseau interne et le système établissant un VPN entre ledit au moins un réseau externe et ledit réseau interne et permettant au moins à un noeud mobile, MN, de se déplacer dans les réseaux externes en sécurité, le système comprenant :un agent local interne, i-HA, disposé dans le réseau interne et gérant un enregistrement de déplacement du MN quand il se déplace dans le réseau interne ;au moins un agent local externe, x-HA, disposé dans le réseau externe et gérant un enregistrement de déplacement du MN quand il se déplace dans le réseau externe ;une passerelle de VPN qui établit un canal IPsec entre le réseau interne et le MN de manière à assurer une connexion sécurisée du MN au réseau interne lorsque le MN se déplace dans le réseau externe ;au moins un dispositif d'assignation d'agent, serveur d'authentification, d'autorisation et de comptabilité, AAA, destiné à assigner de manière dynamique et sécurisé le x-HA fiable le plus proche du MN authentifié et autorisé pour gérer l'inscription l'enregistrement de déplacement du MN ;au moins un agent étranger externe, x-FA, destiné à gérer un enregistrement de déplacement du MN par rapport au x-HA, au dispositif d'assignation d'agent, AAAH, et au i-HA lorsque le MN se déplace vers le réseau externe pour la première fois et à établir un canal IPsec entre le MN et la passerelle du VPN, grâce à quoi le MN s'enregistre auprès du x-HA le plus proche quand il se déplace dans le réseau externe.
- Système destiné à assigner de manière dynamique un agent local externe selon la revendication 13, dans lequel le réseau externe comprend une pluralité de réseaux secondaires.
- Système destiné à assigner de manière dynamique un agent local externe selon la revendication 13, dans lequel le réseau interne comprend une pluralité de réseaux secondaires.
- Système destiné à assigner de manière dynamique un agent local externe selon la revendication 13, dans lequel le MN est un ordinateur portable doté d'un équipement de réseau sans fil.
- Système destiné à assigner de manière dynamique un agent local externe selon la revendication 13, dans lequel la passerelle du VPN et le dispositif d'assignation d'agent, AAAH, sont placés dans une zone démilitarisée, DMZ, la DMZ étant une région physique derrière Internet et devant une deuxième barrière de sécurité destinée à protéger le système dorsal de traitement et les données.
- Système destiné à assigner de manière dynamique un agent local externe selon la revendication 17, dans lequel la DMZ est connectée au réseau interne par l'intermédiaire d'un routeur interne et est connectée au réseau externe par l'intermédiaire d'un routeur externe.
- Système destiné à assigner de manière dynamique un agent local externe selon la revendication 13, dans lequel le dispositif d'assignation d'agent est l'un d'un serveur AAA, d'un serveur DHCP et d'un serveur DNS.
- Système destiné à assigner de manière dynamique un agent local externe selon la revendication 19, dans lequel le serveur AAA établit une association de sécurité, SA, pour des agents dans un réseau qui se déplace et qui est utilisé comme centre de distribution de clés, KDC, en plus de l'assignation du x-HA.
- Système destiné à assigner de manière dynamique un agent local externe selon la revendication 20, dans lequel le serveur AAA est un serveur DIAMETER IETF RFC 3588.
- Système destiné à assigner de manière dynamique un agent local externe selon la revendication 13, comprenant en outre au moins un agent étranger interne, i-FA, connecté au moins à un réseau secondaire dans le réseau interne, grâce à quoi le MN s'enregistre auprès du i-HA par l'intermédiaire du i-FA quand il se déplace dans le réseau interne.
- Système destiné à assigner de manière dynamique un agent local externe selon la revendication 13, comprenant en outre au moins un point d'accès sans fil, WAP, disposé dans le réseau interne ou dans le réseau externe et utilisé de manière à fournir un accès sans fil pour le MN.
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE602004027488T DE602004027488D1 (de) | 2004-09-18 | 2004-09-18 | Vorrichtung und Verfahren zur dynamischen Zuweisung eines externen Lokalvertreters für private virtuelle Netze |
AT04255698T ATE470300T1 (de) | 2004-09-18 | 2004-09-18 | Vorrichtung und verfahren zur dynamischen zuweisung eines externen lokalvertreters für private virtuelle netze |
EP04255698A EP1638285B9 (fr) | 2004-09-18 | 2004-09-18 | Appareil et procédé pour l'attribution dynamique d'un agent local externe pour des réseaux privés virtuels |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP04255698A EP1638285B9 (fr) | 2004-09-18 | 2004-09-18 | Appareil et procédé pour l'attribution dynamique d'un agent local externe pour des réseaux privés virtuels |
Publications (3)
Publication Number | Publication Date |
---|---|
EP1638285A1 EP1638285A1 (fr) | 2006-03-22 |
EP1638285B1 true EP1638285B1 (fr) | 2010-06-02 |
EP1638285B9 EP1638285B9 (fr) | 2010-09-15 |
Family
ID=34930670
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP04255698A Not-in-force EP1638285B9 (fr) | 2004-09-18 | 2004-09-18 | Appareil et procédé pour l'attribution dynamique d'un agent local externe pour des réseaux privés virtuels |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP1638285B9 (fr) |
AT (1) | ATE470300T1 (fr) |
DE (1) | DE602004027488D1 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101316228B (zh) * | 2007-05-31 | 2010-12-08 | 中兴通讯股份有限公司 | 外部代理更新与重定向后家乡代理相关的安全参数的方法 |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101656959B (zh) * | 2009-09-10 | 2012-02-29 | 中兴通讯股份有限公司 | PMIP中HA获取MN-HA key的方法、设备及系统 |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE60329844D1 (de) * | 2002-06-28 | 2009-12-10 | Cisco Tech Inc | Verfahren und Vorrichtung für Verankerung von Mobilknoten unter Verwendung von DNS |
-
2004
- 2004-09-18 AT AT04255698T patent/ATE470300T1/de not_active IP Right Cessation
- 2004-09-18 DE DE602004027488T patent/DE602004027488D1/de active Active
- 2004-09-18 EP EP04255698A patent/EP1638285B9/fr not_active Not-in-force
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101316228B (zh) * | 2007-05-31 | 2010-12-08 | 中兴通讯股份有限公司 | 外部代理更新与重定向后家乡代理相关的安全参数的方法 |
Also Published As
Publication number | Publication date |
---|---|
EP1638285A1 (fr) | 2006-03-22 |
EP1638285B9 (fr) | 2010-09-15 |
ATE470300T1 (de) | 2010-06-15 |
DE602004027488D1 (de) | 2010-07-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7486951B2 (en) | Apparatus of dynamically assigning external home agent for mobile virtual private networks and method for the same | |
US7477626B2 (en) | Apparatus of dynamically assigning external home agent for mobile virtual private networks and method for the same | |
US7805754B2 (en) | Communication method and apparatus using IP address of VPN gateway for mobile node in a VPN | |
US6915345B1 (en) | AAA broker specification and protocol | |
US7065067B2 (en) | Authentication method between mobile node and home agent in a wireless communication system | |
US7840217B2 (en) | Methods and apparatus for achieving route optimization and location privacy in an IPV6 network | |
KR100988186B1 (ko) | 다중 네트워크 상호연동에서의 홈 에이전트에 의한 동적 홈어드레스 할당 방법 및 장치 | |
US20050195780A1 (en) | IP mobility in mobile telecommunications system | |
US20060078119A1 (en) | Bootstrapping method and system in mobile network using diameter-based protocol | |
US8611543B2 (en) | Method and system for providing a mobile IP key | |
EP1782574B1 (fr) | Raccordement rapide de reseau | |
US20060230445A1 (en) | Mobile VPN proxy method based on session initiation protocol | |
US8289929B2 (en) | Method and apparatus for enabling mobility in mobile IP based wireless communication systems | |
EP1993257A1 (fr) | Procédé et entité pour fournir une connectivité sécurisée dans un réseau interne pour un noeud mobile | |
JP4510682B2 (ja) | 移動式vpnのエージェントをダイナミックに割り当てる方法及び装置 | |
US8805329B2 (en) | Method and system for assigning home agent | |
EP1638285B1 (fr) | Appareil et procédé pour l'attribution dynamique d'un agent local externe pour des réseaux privés virtuels | |
JP2006352182A (ja) | 移動式vpnのエージェントをダイナミックに割り当てる方法及び装置 | |
EP1708449A1 (fr) | Proxy VPN mobile sur la Session Initiation Protocol (SIP). | |
EP1638287B1 (fr) | Appareil et procédé pour l'attribution dynamique d'un agent local externe pour des réseaux privés virtuels | |
Chen et al. | Mobile virtual private networks with dynamic MIP home agent assignment | |
Liu et al. | Dynamic external home agent assignment in mobile VPN | |
Chen et al. | Fast handoff in mobile virtual private networks | |
KR100687721B1 (ko) | 모바일 IPv 6를 지원하는 다이아미터 AAA프로토콜의 확장 방법 | |
Park et al. | Secure firewall traversal in mobile IP network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR |
|
AX | Request for extension of the european patent |
Extension state: AL HR LT LV MK |
|
17P | Request for examination filed |
Effective date: 20060531 |
|
17Q | First examination report despatched |
Effective date: 20061006 |
|
AKX | Designation fees paid |
Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
RIN1 | Information on inventor provided before grant (corrected) |
Inventor name: LIU, YI-WEN Inventor name: LIN, LI-WEI Inventor name: CHEN,JYH-CHENG |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D |
|
REF | Corresponds to: |
Ref document number: 602004027488 Country of ref document: DE Date of ref document: 20100715 Kind code of ref document: P |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: VDEP Effective date: 20100602 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100602 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100602 Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100602 Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100602 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: FR Payment date: 20100930 Year of fee payment: 7 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100602 Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100602 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100903 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: GB Payment date: 20100924 Year of fee payment: 7 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100602 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100602 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20101004 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100602 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100602 Ref country code: BE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100602 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100602 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: DE Payment date: 20100930 Year of fee payment: 7 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100602 |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100602 Ref country code: MC Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20100930 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
26N | No opposition filed |
Effective date: 20110303 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602004027488 Country of ref document: DE Effective date: 20110302 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20100930 Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20100930 Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20100918 |
|
GBPC | Gb: european patent ceased through non-payment of renewal fee |
Effective date: 20110918 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: ST Effective date: 20120531 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R119 Ref document number: 602004027488 Country of ref document: DE Effective date: 20120403 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: DE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20120403 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20110930 Ref country code: GB Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20110918 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100602 Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20100918 Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20101203 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100602 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100902 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20100913 |